.NET Core with WS-Federation generates a large wctx

Question  Votes: 0  Answers: 1

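I am trying to learn how to use WS-Federation in a .NET Core application. I am attempting the basic step of redirecting the client application to the authentication service (defined in my FederationMetadata.xml file), but when I try to access a controller that requires authentication, in this case at the URL http://localhost/STSAwareApp/Test, my redirect URL becomes too large to use (I get a 404.15, query string too large).

Since I am new to WS-Federation, I assume I have a configuration problem in my startup: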

    public void ConfigureServices(IServiceCollection services)
    {
        // Include PII in IdentityModel log and exception messages (diagnostics)
        IdentityModelEventSource.ShowPII = true;
        services.AddControllersWithViews();

        services.AddAuthentication(sharedOptions =>
        {
            // Challenge through WS-Federation, keep the session in a cookie
            sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
            sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        }).AddWsFederation(authenticationScheme: "WsFederation", displayName: "Test WS-Fed", options =>
        {
            options.Wtrealm = "http://localhost/STSAwareApp/Test";
            // The sign-in endpoint is read from this metadata document
            options.MetadataAddress = "http://localhost/STSAwareApp/files/FederationMetadata.xml";
            options.RequireHttpsMetadata = false;
        }).AddCookie(options =>
        {
            options.Cookie.Name = "TestStsAuth";
            options.Cookie.HttpOnly = true;
        });

        services.AddLogging(
            builder =>
            {
                builder.AddFilter("Microsoft", LogLevel.Trace)
                       .AddFilter("System", LogLevel.Trace)
                       .AddConsole();
            });
    }

Below is an example of the redirect URL that is being generated (included only for completeness):

    http://localhost:80/STSAwareApp/Test?wtrealm=http%3A%2F%2Flocalhost%2FSTSAwareApp%2FTest&wa=wsignin1.0&wreply=http%3A%2F%2Flocalhost%2FSTSAwareApp%2Fsignin-wsfed&wctx=[long wctx value omitted]

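I am assuming the URL is incorrect not only because the wctx is too long, but also because it should be trying to redirect to a different service (http://localhost/STS/V1); instead it tries to use the original URL with the federation parameters in the query string. I would think the wctx should be smaller, because even if I increase the URL size limits, it keeps growing.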

.net-core ws-federation
1 Answer
0 votes

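The problem with this was that the FederationMetadata.xml document was not configured correctly. I am not entirely sure what was wrong, but instead of trying to get a valid XML document, I updated the Configuration property of WsFederationOptions. Attached is the updated startup call: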

    public void ConfigureServices(IServiceCollection services)
    {
        IdentityModelEventSource.ShowPII = true;
        services.AddControllersWithViews();

        services.AddAuthentication(sharedOptions =>
        {
            sharedOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
            sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        }).AddWsFederation(authenticationScheme: "WsFederation", displayName: "Test WS-Fed", options =>
        {
            WsFederationConfiguration configuration = new WsFederationConfiguration();
            configuration.TokenEndpoint = "http://localhost/STSSpike/V1";
            options.Configuration = configuration;
            options.Wtrealm = "http://localhost/STSAwareApp/Test";
        }).AddCookie(options =>
        {
            options.Cookie.Name = "TestStsAuth";
            options.Cookie.HttpOnly = true;
        });

        services.AddLogging(
            builder =>
            {
                builder.AddFilter("Microsoft", LogLevel.Trace)
                       .AddFilter("System", LogLevel.Trace)
                       .AddConsole();
            });
    }

I am guessing this is a fairly localized problem, so it may get closed.
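
An added example, not part of the original answer: a guard on the WS-Federation challenge that fails fast when the sign-in endpoint is empty or resolves to the requesting URL itself, which is the symptom visible in the question's redirect URL. `WsFedGuard` is a hypothetical name; the realm and STS URL are the ones given in the answer.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.AspNetCore.Http.Extensions;
using Microsoft.IdentityModel.Protocols.WsFederation;

// Hypothetical helper; pass it as the options callback:
//   .AddWsFederation("WsFederation", "Test WS-Fed", WsFedGuard.Configure)
public static class WsFedGuard
{
    public static void Configure(WsFederationOptions options)
    {
        options.Wtrealm = "http://localhost/STSAwareApp/Test";
        options.Configuration = new WsFederationConfiguration
        {
            TokenEndpoint = "http://localhost/STSSpike/V1"
        };

        options.Events = new WsFederationEvents
        {
            OnRedirectToIdentityProvider = context =>
            {
                // Address the handler is about to send the browser to.
                string issuer = context.ProtocolMessage.IssuerAddress;
                // Absolute URL of the request that triggered the challenge.
                var self = new Uri(context.Request.GetEncodedUrl());

                if (!Uri.TryCreate(issuer, UriKind.Absolute, out Uri sts))
                    throw new InvalidOperationException(
                        $"WS-Federation sign-in endpoint is missing or not absolute: '{issuer}'");

                // Same scheme, host, port and path as the protected page means the
                // sign-in request would come straight back to this application.
                bool pointsAtSelf = Uri.Compare(
                    sts, self,
                    UriComponents.SchemeAndServer | UriComponents.Path,
                    UriFormat.Unescaped,
                    StringComparison.OrdinalIgnoreCase) == 0;
                if (pointsAtSelf)
                    throw new InvalidOperationException(
                        $"WS-Federation sign-in endpoint '{sts}' is the requested URL itself");

                return Task.CompletedTask;
            }
        };
    }
}
```

With this in place a misconfigured endpoint surfaces as an exception in the trace log on the first challenge instead of as a 404.15 from the web server.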
